
2020 | OriginalPaper | Chapter

16. Cooperative Mechanisms for Defending Distributed Denial of Service (DDoS) Attacks

Authors: Prachi Gulihar, B. B. Gupta

Published in: Handbook of Computer Networks and Cyber Security

Publisher: Springer International Publishing


Abstract

Distributed denial of service (DDoS) attacks are one of the biggest challenges faced by the Internet community today. A DDoS attack attempts to disrupt the availability of resources to legitimate users by overwhelming network and server resources. In this chapter, we discuss the importance of cooperative mechanisms over centralised ones and various existing cooperative techniques to defend against DDoS attacks. We also discuss their major drawbacks. The major disadvantage of a centralised defence mechanism is the single point of failure when the central kingpin node itself comes under attack. What we realise is that although these techniques have been developed, they are rarely deployed in the real world because researchers have long ignored the economic incentive part in the working of cooperative DDoS mechanisms. Due to the lack of incremental payment structures, the cooperation between the nodes fails. Sometimes the payment structures are non-existent, and in some cases the payment structure is in place, but the incentives are not lucrative enough for the nodes to share their resources. The DDoS attack scenario can be divided into an attack phase, a detection phase and a response phase. When the attacker machines act in cooperation, the defence mechanism must also be cooperative to be strong. This work gives an overview of the existing cooperative defence mechanisms at different layers of the Open Systems Interconnection (OSI) model and an overview of mechanisms that use a third party for any of these three phases.


Metadata
Title
Cooperative Mechanisms for Defending Distributed Denial of Service (DDoS) Attacks
Authors
Prachi Gulihar
B. B. Gupta
Copyright Year
2020
DOI
https://doi.org/10.1007/978-3-030-22277-2_16
